- Vercel confirms cyberattack via compromised Context.ai account
- An attacker accessed an employee’s Google Workspace and exposed non-sensitive environment data
- Dark Web Actor Claims Link to ShinyHunters, Sells Alleged Vercel Source Code and Records of 580 Employees for $2 Million
Cloud development platform Vercel has confirmed that it suffered a cyberattack and lost “non-sensitive” customer data. In a new security bulletin released earlier this morning, the company’s security team said that over the weekend it “identified a security incident involving unauthorized access to certain internal Vercel systems.”
This appears to be an attack on the supply chain. Vercel said one of his employees used a third-party AI tool called Context.ai, which appears to have been used as an entry point.
“The incident is due to a Context.ai compromise,” the advisory states, indicating that the attacker used this access to take control of this employee’s Google Workspace account. Through this, they gained access to certain Vercel environments and environment variables that were not marked as ‘sensitive’.
Article continues below
ShinyHunters (does not claim) responsibility
Vercel did not say how many customers were compromised or what type of information he lost. He said he has already notified everyone involved, recommending an immediate rotation of credentials.
“We continue to investigate whether and what data was exfiltrated and will contact our customers if we discover further evidence of compromise. We have deployed extensive protection and monitoring measures. Our services remain operational,” the notice said.
Just a day before sharing this announcement, a new thread appeared on a dark web forum, announcing the sale of Vercel’s sensitive data, BeepComputer find.
“Hello everyone. Today I’m selling Vercel access key/source code/database,” the ad reads.
The threat actor also shared a text file containing information about Vercel employees, apparently containing 580 data records with names, email addresses, account statuses, and timestamps of activity. They are reportedly demanding $2 million in exchange for the deletion and non-disclosure of the stolen files.
It’s also worth noting that this threat actor claims to be part of the extortion group ShinyHunters, but the group appears to have distanced itself from this incident.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
